@nervekit/tools 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/NOTICE +5 -0
- package/dist/catalog/core/filesystem.tools.d.ts +140 -0
- package/dist/catalog/core/filesystem.tools.d.ts.map +1 -0
- package/dist/catalog/core/filesystem.tools.js +221 -0
- package/dist/catalog/core/filesystem.tools.js.map +1 -0
- package/dist/catalog/core/interaction.tools.d.ts +37 -0
- package/dist/catalog/core/interaction.tools.d.ts.map +1 -0
- package/dist/catalog/core/interaction.tools.js +55 -0
- package/dist/catalog/core/interaction.tools.js.map +1 -0
- package/dist/catalog/core/python.tools.d.ts +17 -0
- package/dist/catalog/core/python.tools.d.ts.map +1 -0
- package/dist/catalog/core/python.tools.js +32 -0
- package/dist/catalog/core/python.tools.js.map +1 -0
- package/dist/catalog/core/shell.tools.d.ts +14 -0
- package/dist/catalog/core/shell.tools.d.ts.map +1 -0
- package/dist/catalog/core/shell.tools.js +22 -0
- package/dist/catalog/core/shell.tools.js.map +1 -0
- package/dist/catalog/core/web.tools.d.ts +23 -0
- package/dist/catalog/core/web.tools.d.ts.map +1 -0
- package/dist/catalog/core/web.tools.js +34 -0
- package/dist/catalog/core/web.tools.js.map +1 -0
- package/dist/catalog/descriptors.d.ts +4 -0
- package/dist/catalog/descriptors.d.ts.map +1 -0
- package/dist/catalog/descriptors.js +17 -0
- package/dist/catalog/descriptors.js.map +1 -0
- package/dist/catalog/index.d.ts +18 -0
- package/dist/catalog/index.d.ts.map +1 -0
- package/dist/catalog/index.js +44 -0
- package/dist/catalog/index.js.map +1 -0
- package/dist/catalog/orchestration/explore.tools.d.ts +20 -0
- package/dist/catalog/orchestration/explore.tools.d.ts.map +1 -0
- package/dist/catalog/orchestration/explore.tools.js +42 -0
- package/dist/catalog/orchestration/explore.tools.js.map +1 -0
- package/dist/catalog/orchestration/plan-mode.tools.d.ts +32 -0
- package/dist/catalog/orchestration/plan-mode.tools.d.ts.map +1 -0
- package/dist/catalog/orchestration/plan-mode.tools.js +43 -0
- package/dist/catalog/orchestration/plan-mode.tools.js.map +1 -0
- package/dist/catalog/orchestration/process.tools.d.ts +68 -0
- package/dist/catalog/orchestration/process.tools.d.ts.map +1 -0
- package/dist/catalog/orchestration/process.tools.js +96 -0
- package/dist/catalog/orchestration/process.tools.js.map +1 -0
- package/dist/catalog/orchestration/subagent.tools.d.ts +16 -0
- package/dist/catalog/orchestration/subagent.tools.d.ts.map +1 -0
- package/dist/catalog/orchestration/subagent.tools.js +25 -0
- package/dist/catalog/orchestration/subagent.tools.js.map +1 -0
- package/dist/catalog/orchestration/task.tools.d.ts +107 -0
- package/dist/catalog/orchestration/task.tools.d.ts.map +1 -0
- package/dist/catalog/orchestration/task.tools.js +170 -0
- package/dist/catalog/orchestration/task.tools.js.map +1 -0
- package/dist/catalog/risk.d.ts +3 -0
- package/dist/catalog/risk.d.ts.map +1 -0
- package/dist/catalog/risk.js +29 -0
- package/dist/catalog/risk.js.map +1 -0
- package/dist/catalog/types.d.ts +14 -0
- package/dist/catalog/types.d.ts.map +1 -0
- package/dist/catalog/types.js +2 -0
- package/dist/catalog/types.js.map +1 -0
- package/dist/definitions.d.ts +2 -0
- package/dist/definitions.d.ts.map +1 -0
- package/dist/definitions.js +2 -0
- package/dist/definitions.js.map +1 -0
- package/dist/execution/atomic-write.d.ts +2 -0
- package/dist/execution/atomic-write.d.ts.map +1 -0
- package/dist/execution/atomic-write.js +7 -0
- package/dist/execution/atomic-write.js.map +1 -0
- package/dist/execution/bash.d.ts +3 -0
- package/dist/execution/bash.d.ts.map +1 -0
- package/dist/execution/bash.js +133 -0
- package/dist/execution/bash.js.map +1 -0
- package/dist/execution/common/args.d.ts +2 -0
- package/dist/execution/common/args.d.ts.map +1 -0
- package/dist/execution/common/args.js +6 -0
- package/dist/execution/common/args.js.map +1 -0
- package/dist/execution/common/output-budget.d.ts +61 -0
- package/dist/execution/common/output-budget.d.ts.map +1 -0
- package/dist/execution/common/output-budget.js +140 -0
- package/dist/execution/common/output-budget.js.map +1 -0
- package/dist/execution/common/process-result.d.ts +44 -0
- package/dist/execution/common/process-result.d.ts.map +1 -0
- package/dist/execution/common/process-result.js +322 -0
- package/dist/execution/common/process-result.js.map +1 -0
- package/dist/execution/common/search-utils.d.ts +8 -0
- package/dist/execution/common/search-utils.d.ts.map +1 -0
- package/dist/execution/common/search-utils.js +110 -0
- package/dist/execution/common/search-utils.js.map +1 -0
- package/dist/execution/common/tool-error.d.ts +8 -0
- package/dist/execution/common/tool-error.d.ts.map +1 -0
- package/dist/execution/common/tool-error.js +14 -0
- package/dist/execution/common/tool-error.js.map +1 -0
- package/dist/execution/common/truncate.d.ts +27 -0
- package/dist/execution/common/truncate.d.ts.map +1 -0
- package/dist/execution/common/truncate.js +108 -0
- package/dist/execution/common/truncate.js.map +1 -0
- package/dist/execution/common.d.ts +2 -0
- package/dist/execution/common.d.ts.map +1 -0
- package/dist/execution/common.js +6 -0
- package/dist/execution/common.js.map +1 -0
- package/dist/execution/core-dispatch.d.ts +4 -0
- package/dist/execution/core-dispatch.d.ts.map +1 -0
- package/dist/execution/core-dispatch.js +58 -0
- package/dist/execution/core-dispatch.js.map +1 -0
- package/dist/execution/dispatch.d.ts +4 -0
- package/dist/execution/dispatch.d.ts.map +1 -0
- package/dist/execution/dispatch.js +54 -0
- package/dist/execution/dispatch.js.map +1 -0
- package/dist/execution/edit.d.ts +9 -0
- package/dist/execution/edit.d.ts.map +1 -0
- package/dist/execution/edit.js +175 -0
- package/dist/execution/edit.js.map +1 -0
- package/dist/execution/file-mutation-queue.d.ts +2 -0
- package/dist/execution/file-mutation-queue.d.ts.map +1 -0
- package/dist/execution/file-mutation-queue.js +19 -0
- package/dist/execution/file-mutation-queue.js.map +1 -0
- package/dist/execution/filesystem/atomic-write.d.ts +2 -0
- package/dist/execution/filesystem/atomic-write.d.ts.map +1 -0
- package/dist/execution/filesystem/atomic-write.js +7 -0
- package/dist/execution/filesystem/atomic-write.js.map +1 -0
- package/dist/execution/filesystem/edit-args.d.ts +46 -0
- package/dist/execution/filesystem/edit-args.d.ts.map +1 -0
- package/dist/execution/filesystem/edit-args.js +212 -0
- package/dist/execution/filesystem/edit-args.js.map +1 -0
- package/dist/execution/filesystem/edit-errors.d.ts +4 -0
- package/dist/execution/filesystem/edit-errors.d.ts.map +1 -0
- package/dist/execution/filesystem/edit-errors.js +8 -0
- package/dist/execution/filesystem/edit-errors.js.map +1 -0
- package/dist/execution/filesystem/edit.d.ts +4 -0
- package/dist/execution/filesystem/edit.d.ts.map +1 -0
- package/dist/execution/filesystem/edit.js +330 -0
- package/dist/execution/filesystem/edit.js.map +1 -0
- package/dist/execution/filesystem/file-mutation-queue.d.ts +2 -0
- package/dist/execution/filesystem/file-mutation-queue.d.ts.map +1 -0
- package/dist/execution/filesystem/file-mutation-queue.js +19 -0
- package/dist/execution/filesystem/file-mutation-queue.js.map +1 -0
- package/dist/execution/filesystem/find.d.ts +3 -0
- package/dist/execution/filesystem/find.d.ts.map +1 -0
- package/dist/execution/filesystem/find.js +93 -0
- package/dist/execution/filesystem/find.js.map +1 -0
- package/dist/execution/filesystem/legacy-edit.d.ts +9 -0
- package/dist/execution/filesystem/legacy-edit.d.ts.map +1 -0
- package/dist/execution/filesystem/legacy-edit.js +122 -0
- package/dist/execution/filesystem/legacy-edit.js.map +1 -0
- package/dist/execution/filesystem/list.d.ts +3 -0
- package/dist/execution/filesystem/list.d.ts.map +1 -0
- package/dist/execution/filesystem/list.js +49 -0
- package/dist/execution/filesystem/list.js.map +1 -0
- package/dist/execution/filesystem/path.d.ts +7 -0
- package/dist/execution/filesystem/path.d.ts.map +1 -0
- package/dist/execution/filesystem/path.js +69 -0
- package/dist/execution/filesystem/path.js.map +1 -0
- package/dist/execution/filesystem/read.d.ts +3 -0
- package/dist/execution/filesystem/read.d.ts.map +1 -0
- package/dist/execution/filesystem/read.js +225 -0
- package/dist/execution/filesystem/read.js.map +1 -0
- package/dist/execution/filesystem/search.d.ts +3 -0
- package/dist/execution/filesystem/search.d.ts.map +1 -0
- package/dist/execution/filesystem/search.js +149 -0
- package/dist/execution/filesystem/search.js.map +1 -0
- package/dist/execution/filesystem/smart-match.d.ts +31 -0
- package/dist/execution/filesystem/smart-match.d.ts.map +1 -0
- package/dist/execution/filesystem/smart-match.js +309 -0
- package/dist/execution/filesystem/smart-match.js.map +1 -0
- package/dist/execution/filesystem/text-editing.d.ts +9 -0
- package/dist/execution/filesystem/text-editing.d.ts.map +1 -0
- package/dist/execution/filesystem/text-editing.js +43 -0
- package/dist/execution/filesystem/text-editing.js.map +1 -0
- package/dist/execution/filesystem/write.d.ts +3 -0
- package/dist/execution/filesystem/write.d.ts.map +1 -0
- package/dist/execution/filesystem/write.js +21 -0
- package/dist/execution/filesystem/write.js.map +1 -0
- package/dist/execution/find.d.ts +3 -0
- package/dist/execution/find.d.ts.map +1 -0
- package/dist/execution/find.js +90 -0
- package/dist/execution/find.js.map +1 -0
- package/dist/execution/index.d.ts +18 -0
- package/dist/execution/index.d.ts.map +1 -0
- package/dist/execution/index.js +17 -0
- package/dist/execution/index.js.map +1 -0
- package/dist/execution/list.d.ts +3 -0
- package/dist/execution/list.d.ts.map +1 -0
- package/dist/execution/list.js +46 -0
- package/dist/execution/list.js.map +1 -0
- package/dist/execution/path.d.ts +7 -0
- package/dist/execution/path.d.ts.map +1 -0
- package/dist/execution/path.js +69 -0
- package/dist/execution/path.js.map +1 -0
- package/dist/execution/python/python.d.ts +3 -0
- package/dist/execution/python/python.d.ts.map +1 -0
- package/dist/execution/python/python.js +566 -0
- package/dist/execution/python/python.js.map +1 -0
- package/dist/execution/python/runtime.d.ts +22 -0
- package/dist/execution/python/runtime.d.ts.map +1 -0
- package/dist/execution/python/runtime.js +178 -0
- package/dist/execution/python/runtime.js.map +1 -0
- package/dist/execution/read.d.ts +3 -0
- package/dist/execution/read.d.ts.map +1 -0
- package/dist/execution/read.js +97 -0
- package/dist/execution/read.js.map +1 -0
- package/dist/execution/search-utils.d.ts +8 -0
- package/dist/execution/search-utils.d.ts.map +1 -0
- package/dist/execution/search-utils.js +110 -0
- package/dist/execution/search-utils.js.map +1 -0
- package/dist/execution/search.d.ts +3 -0
- package/dist/execution/search.d.ts.map +1 -0
- package/dist/execution/search.js +131 -0
- package/dist/execution/search.js.map +1 -0
- package/dist/execution/shell/bash.d.ts +3 -0
- package/dist/execution/shell/bash.d.ts.map +1 -0
- package/dist/execution/shell/bash.js +134 -0
- package/dist/execution/shell/bash.js.map +1 -0
- package/dist/execution/truncate.d.ts +21 -0
- package/dist/execution/truncate.d.ts.map +1 -0
- package/dist/execution/truncate.js +94 -0
- package/dist/execution/truncate.js.map +1 -0
- package/dist/execution/web/web-fetch.d.ts +3 -0
- package/dist/execution/web/web-fetch.d.ts.map +1 -0
- package/dist/execution/web/web-fetch.js +132 -0
- package/dist/execution/web/web-fetch.js.map +1 -0
- package/dist/execution/web/web-search.d.ts +3 -0
- package/dist/execution/web/web-search.d.ts.map +1 -0
- package/dist/execution/web/web-search.js +59 -0
- package/dist/execution/web/web-search.js.map +1 -0
- package/dist/execution/web-fetch.d.ts +3 -0
- package/dist/execution/web-fetch.d.ts.map +1 -0
- package/dist/execution/web-fetch.js +132 -0
- package/dist/execution/web-fetch.js.map +1 -0
- package/dist/execution/web-search.d.ts +3 -0
- package/dist/execution/web-search.d.ts.map +1 -0
- package/dist/execution/web-search.js +59 -0
- package/dist/execution/web-search.js.map +1 -0
- package/dist/execution/write.d.ts +3 -0
- package/dist/execution/write.d.ts.map +1 -0
- package/dist/execution/write.js +21 -0
- package/dist/execution/write.js.map +1 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +11 -0
- package/dist/index.js.map +1 -0
- package/dist/safety/command-policy-git.d.ts +2 -0
- package/dist/safety/command-policy-git.d.ts.map +1 -0
- package/dist/safety/command-policy-git.js +88 -0
- package/dist/safety/command-policy-git.js.map +1 -0
- package/dist/safety/command-policy-options.d.ts +6 -0
- package/dist/safety/command-policy-options.d.ts.map +1 -0
- package/dist/safety/command-policy-options.js +112 -0
- package/dist/safety/command-policy-options.js.map +1 -0
- package/dist/safety/command-policy-packages.d.ts +4 -0
- package/dist/safety/command-policy-packages.d.ts.map +1 -0
- package/dist/safety/command-policy-packages.js +161 -0
- package/dist/safety/command-policy-packages.js.map +1 -0
- package/dist/safety/command-policy-parser.d.ts +11 -0
- package/dist/safety/command-policy-parser.d.ts.map +1 -0
- package/dist/safety/command-policy-parser.js +121 -0
- package/dist/safety/command-policy-parser.js.map +1 -0
- package/dist/safety/command-policy-wrappers.d.ts +6 -0
- package/dist/safety/command-policy-wrappers.d.ts.map +1 -0
- package/dist/safety/command-policy-wrappers.js +95 -0
- package/dist/safety/command-policy-wrappers.js.map +1 -0
- package/dist/safety/command-policy.d.ts +6 -0
- package/dist/safety/command-policy.d.ts.map +1 -0
- package/dist/safety/command-policy.js +118 -0
- package/dist/safety/command-policy.js.map +1 -0
- package/dist/types.d.ts +78 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/package.json +48 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"web-search.d.ts","sourceRoot":"","sources":["../../src/execution/web-search.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAmC7E,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,mBAAmB,CAAC,CAoD9B"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { numberArg } from "./common.js";
|
|
2
|
+
function stringArg(value, name) {
|
|
3
|
+
if (typeof value !== "string" || value.trim().length === 0) {
|
|
4
|
+
throw new Error(`${name} must be a non-empty string.`);
|
|
5
|
+
}
|
|
6
|
+
return value;
|
|
7
|
+
}
|
|
8
|
+
function maxResultsArg(value) {
|
|
9
|
+
const parsed = numberArg(value, 5);
|
|
10
|
+
return Math.min(20, Math.max(1, parsed));
|
|
11
|
+
}
|
|
12
|
+
function timeoutSignal(signal, milliseconds) {
|
|
13
|
+
const timeout = AbortSignal.timeout(milliseconds);
|
|
14
|
+
return signal ? AbortSignal.any([signal, timeout]) : timeout;
|
|
15
|
+
}
|
|
16
|
+
export async function executeWebSearch(args, context) {
|
|
17
|
+
const query = stringArg(args.query, "query");
|
|
18
|
+
const maxResults = maxResultsArg(args.max_results);
|
|
19
|
+
const apiKey = (await context.getApiKey?.("tavily")) ?? process.env.TAVILY_API_KEY;
|
|
20
|
+
if (!apiKey) {
|
|
21
|
+
throw new Error("Tavily API key is not configured. Configure provider 'tavily' in Nerve or set TAVILY_API_KEY.");
|
|
22
|
+
}
|
|
23
|
+
const response = await fetch("https://api.tavily.com/search", {
|
|
24
|
+
method: "POST",
|
|
25
|
+
headers: { "Content-Type": "application/json" },
|
|
26
|
+
body: JSON.stringify({
|
|
27
|
+
api_key: apiKey,
|
|
28
|
+
query,
|
|
29
|
+
max_results: maxResults,
|
|
30
|
+
include_answer: true,
|
|
31
|
+
}),
|
|
32
|
+
signal: timeoutSignal(context.signal, 60_000),
|
|
33
|
+
});
|
|
34
|
+
if (!response.ok) {
|
|
35
|
+
throw new Error(`Tavily API error: ${response.status} ${await response.text()}`);
|
|
36
|
+
}
|
|
37
|
+
const data = (await response.json());
|
|
38
|
+
const results = Array.isArray(data.results) ? data.results : [];
|
|
39
|
+
const lines = [];
|
|
40
|
+
if (data.answer)
|
|
41
|
+
lines.push(`**Answer:** ${data.answer}`, "");
|
|
42
|
+
for (const result of results) {
|
|
43
|
+
lines.push(`### ${result.title}`, result.url, "", result.content, "");
|
|
44
|
+
}
|
|
45
|
+
const content = lines.join("\n").trimEnd();
|
|
46
|
+
return {
|
|
47
|
+
content,
|
|
48
|
+
contentBlocks: [{ type: "text", text: content }],
|
|
49
|
+
details: {
|
|
50
|
+
query,
|
|
51
|
+
answer: data.answer,
|
|
52
|
+
results: results.map((result) => ({
|
|
53
|
+
title: result.title,
|
|
54
|
+
url: result.url,
|
|
55
|
+
})),
|
|
56
|
+
},
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=web-search.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"web-search.js","sourceRoot":"","sources":["../../src/execution/web-search.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAcxC,SAAS,SAAS,CAAC,KAAc,EAAE,IAAY;IAC7C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,8BAA8B,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,aAAa,CACpB,MAA+B,EAC/B,YAAoB;IAEpB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAClD,OAAO,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAA6B,EAC7B,OAA6B;IAE7B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,MAAM,GACV,CAAC,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,+BAA+B,EAAE;QAC5D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,MAAM;YACf,KAAK;YACL,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,IAAI;SACrB,CAAC;QACF,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;KAC9C,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,qBAAqB,QAAQ,CAAC,MAAM,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAChE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;IACvD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAC9D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;IAE3C,OAAO;QACL,OAAO;QACP,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAChD,OAAO,EAAE;YACP,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBAChC,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;aAChB,CAAC,CAAC;SACJ;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"write.d.ts","sourceRoot":"","sources":["../../src/execution/write.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAK7E,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,mBAAmB,CAAC,CAc9B"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { mkdir } from "node:fs/promises";
|
|
2
|
+
import { dirname } from "node:path";
|
|
3
|
+
import { writeTextFileAtomically } from "./atomic-write.js";
|
|
4
|
+
import { withFileMutationQueue } from "./file-mutation-queue.js";
|
|
5
|
+
import { resolveToolPath } from "./path.js";
|
|
6
|
+
export async function executeWrite(args, context) {
|
|
7
|
+
const path = resolveToolPath(context.cwd, args.path);
|
|
8
|
+
if (typeof args.content !== "string")
|
|
9
|
+
throw new Error("Tool argument 'content' must be a string.");
|
|
10
|
+
return withFileMutationQueue(path, async () => {
|
|
11
|
+
await mkdir(dirname(path), { recursive: true });
|
|
12
|
+
await writeTextFileAtomically(path, args.content);
|
|
13
|
+
const content = `Wrote ${Buffer.byteLength(args.content, "utf8")} bytes.`;
|
|
14
|
+
return {
|
|
15
|
+
path,
|
|
16
|
+
content,
|
|
17
|
+
contentBlocks: [{ type: "text", text: content }],
|
|
18
|
+
};
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=write.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"write.js","sourceRoot":"","sources":["../../src/execution/write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAA6B,EAC7B,OAA6B;IAE7B,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;QAClC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,OAAO,qBAAqB,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAiB,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,SAAS,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAiB,EAAE,MAAM,CAAC,SAAS,CAAC;QACpF,OAAO;YACL,IAAI;YACJ,OAAO;YACP,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { ToolDescriptor, ToolName, ToolRisk } from "@nervekit/shared";
|
|
2
|
+
export * from "./catalog/index.js";
|
|
3
|
+
export { appendBoundedTextNotice, type BoundedTextResult, boundContentBlocks, boundLiveOutputChunk, boundText, buildProcessResult, buildProcessTextResult, executeEdit, executeTool, FILE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_BYTES, LIVE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_LINES, MODEL_TEXT_MAX_BYTES, MODEL_TEXT_MAX_LINE_CHARS, MODEL_TEXT_MAX_LINES, normalizeEditArgs, PROCESS_INLINE_MAX_LINE_CHARS, type PythonRuntime, type PythonRuntimeStatus, resolvePythonRuntime, resolveToolPath, type TextBoundaryDetails, type TextBudget, ToolExecutionError, textBoundaryDetails, } from "./execution/index.js";
|
|
4
|
+
export { hasDangerousCommandPattern, hasShellControlOperator, isAllowedPlanModeBashCommand, isKnownReadOnlyCommand, isLikelyLongRunningCommand, } from "./safety/command-policy.js";
|
|
5
|
+
export * from "./types.js";
|
|
6
|
+
export declare const coreToolDescriptors: ToolDescriptor[];
|
|
7
|
+
export declare const allToolDescriptors: ToolDescriptor[];
|
|
8
|
+
export declare function toolRiskForName(name: ToolName): ToolRisk;
|
|
9
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAO3E,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,0BAA0B,EAC1B,qBAAqB,EACrB,0BAA0B,EAC1B,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,EAC7B,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,oBAAoB,EACpB,eAAe,EACf,KAAK,mBAAmB,EACxB,KAAK,UAAU,EACf,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,4BAA4B,EAC5B,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,4BAA4B,CAAC;AACpC,cAAc,YAAY,CAAC;AAE3B,eAAO,MAAM,mBAAmB,EAAE,cAAc,EACV,CAAC;AAEvC,eAAO,MAAM,kBAAkB,EAAE,cAAc,EACV,CAAC;AAEtC,wBAAgB,eAAe,CAAC,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAExD"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { allToolDescriptorsFromDefinitions, coreToolDescriptorsFromDefinitions, coreToolRiskForName, } from "./catalog/index.js";
|
|
2
|
+
export * from "./catalog/index.js";
|
|
3
|
+
export { appendBoundedTextNotice, boundContentBlocks, boundLiveOutputChunk, boundText, buildProcessResult, buildProcessTextResult, executeEdit, executeTool, FILE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_BYTES, LIVE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_LINES, MODEL_TEXT_MAX_BYTES, MODEL_TEXT_MAX_LINE_CHARS, MODEL_TEXT_MAX_LINES, normalizeEditArgs, PROCESS_INLINE_MAX_LINE_CHARS, resolvePythonRuntime, resolveToolPath, ToolExecutionError, textBoundaryDetails, } from "./execution/index.js";
|
|
4
|
+
export { hasDangerousCommandPattern, hasShellControlOperator, isAllowedPlanModeBashCommand, isKnownReadOnlyCommand, isLikelyLongRunningCommand, } from "./safety/command-policy.js";
|
|
5
|
+
export * from "./types.js";
|
|
6
|
+
export const coreToolDescriptors = coreToolDescriptorsFromDefinitions();
|
|
7
|
+
export const allToolDescriptors = allToolDescriptorsFromDefinitions();
|
|
8
|
+
export function toolRiskForName(name) {
|
|
9
|
+
return coreToolRiskForName(name);
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iCAAiC,EACjC,kCAAkC,EAClC,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,0BAA0B,EAC1B,qBAAqB,EACrB,0BAA0B,EAC1B,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,EAG7B,oBAAoB,EACpB,eAAe,EAGf,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,4BAA4B,EAC5B,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,4BAA4B,CAAC;AACpC,cAAc,YAAY,CAAC;AAE3B,MAAM,CAAC,MAAM,mBAAmB,GAC9B,kCAAkC,EAAE,CAAC;AAEvC,MAAM,CAAC,MAAM,kBAAkB,GAC7B,iCAAiC,EAAE,CAAC;AAEtC,MAAM,UAAU,eAAe,CAAC,IAAc;IAC5C,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-git.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-git.ts"],"names":[],"mappings":"AAgEA,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CA8ChE"}
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
import { hasAnyToken, normalizeCommandName, } from "./command-policy-wrappers.js";
|
|
2
|
+
function getGitSubcommandIndex(tokens) {
|
|
3
|
+
for (let i = 1; i < tokens.length; i++) {
|
|
4
|
+
const token = tokens[i];
|
|
5
|
+
if (token === "-C" ||
|
|
6
|
+
token === "-c" ||
|
|
7
|
+
token === "--git-dir" ||
|
|
8
|
+
token === "--namespace" ||
|
|
9
|
+
token === "--work-tree") {
|
|
10
|
+
i++;
|
|
11
|
+
continue;
|
|
12
|
+
}
|
|
13
|
+
if (token === "--bare" ||
|
|
14
|
+
token === "--no-pager" ||
|
|
15
|
+
token === "--paginate" ||
|
|
16
|
+
token.startsWith("--git-dir=") ||
|
|
17
|
+
token.startsWith("--namespace=") ||
|
|
18
|
+
token.startsWith("--work-tree=")) {
|
|
19
|
+
continue;
|
|
20
|
+
}
|
|
21
|
+
if (token.startsWith("-"))
|
|
22
|
+
continue;
|
|
23
|
+
return i;
|
|
24
|
+
}
|
|
25
|
+
return undefined;
|
|
26
|
+
}
|
|
27
|
+
const BLOCKED_GIT_SUBCOMMANDS = new Set([
|
|
28
|
+
"add",
|
|
29
|
+
"am",
|
|
30
|
+
"apply",
|
|
31
|
+
"bisect",
|
|
32
|
+
"checkout",
|
|
33
|
+
"cherry-pick",
|
|
34
|
+
"clean",
|
|
35
|
+
"clone",
|
|
36
|
+
"commit",
|
|
37
|
+
"fetch",
|
|
38
|
+
"gc",
|
|
39
|
+
"init",
|
|
40
|
+
"merge",
|
|
41
|
+
"mv",
|
|
42
|
+
"pull",
|
|
43
|
+
"push",
|
|
44
|
+
"rebase",
|
|
45
|
+
"reflog",
|
|
46
|
+
"reset",
|
|
47
|
+
"restore",
|
|
48
|
+
"revert",
|
|
49
|
+
"rm",
|
|
50
|
+
"stash",
|
|
51
|
+
"submodule",
|
|
52
|
+
"switch",
|
|
53
|
+
"tag",
|
|
54
|
+
"worktree",
|
|
55
|
+
]);
|
|
56
|
+
export function isBlockedGitInvocation(tokens) {
|
|
57
|
+
const rootCommand = normalizeCommandName(tokens[0] ?? "");
|
|
58
|
+
if (rootCommand !== "git")
|
|
59
|
+
return false;
|
|
60
|
+
const subcommandIndex = getGitSubcommandIndex(tokens);
|
|
61
|
+
if (subcommandIndex === undefined)
|
|
62
|
+
return false;
|
|
63
|
+
const subcommand = tokens[subcommandIndex];
|
|
64
|
+
const args = tokens.slice(subcommandIndex + 1);
|
|
65
|
+
if (subcommand === "branch") {
|
|
66
|
+
return hasAnyToken(args, new Set(["-d", "-D", "-m", "-M", "--delete", "--move"]));
|
|
67
|
+
}
|
|
68
|
+
if (subcommand === "config") {
|
|
69
|
+
return !args.some((arg) => arg === "--get" ||
|
|
70
|
+
arg === "--get-all" ||
|
|
71
|
+
arg === "--get-regexp" ||
|
|
72
|
+
arg === "--list" ||
|
|
73
|
+
arg === "--name-only" ||
|
|
74
|
+
arg === "--show-origin" ||
|
|
75
|
+
arg === "-l");
|
|
76
|
+
}
|
|
77
|
+
if (subcommand === "diff") {
|
|
78
|
+
return args.some((arg) => arg === "--output" || arg.startsWith("--output="));
|
|
79
|
+
}
|
|
80
|
+
if (subcommand === "remote") {
|
|
81
|
+
const remoteAction = args.find((arg) => !arg.startsWith("-"));
|
|
82
|
+
return !(remoteAction === undefined ||
|
|
83
|
+
remoteAction === "get-url" ||
|
|
84
|
+
remoteAction === "show");
|
|
85
|
+
}
|
|
86
|
+
return BLOCKED_GIT_SUBCOMMANDS.has(subcommand);
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=command-policy-git.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-git.js","sourceRoot":"","sources":["../../src/safety/command-policy-git.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AAEtC,SAAS,qBAAqB,CAAC,MAAgB;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IACE,KAAK,KAAK,IAAI;YACd,KAAK,KAAK,IAAI;YACd,KAAK,KAAK,WAAW;YACrB,KAAK,KAAK,aAAa;YACvB,KAAK,KAAK,aAAa,EACvB,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IACE,KAAK,KAAK,QAAQ;YAClB,KAAK,KAAK,YAAY;YACtB,KAAK,KAAK,YAAY;YACtB,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;YAC9B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC;YAChC,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,EAChC,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC;IACtC,KAAK;IACL,IAAI;IACJ,OAAO;IACP,QAAQ;IACR,UAAU;IACV,aAAa;IACb,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,IAAI;IACJ,MAAM;IACN,OAAO;IACP,IAAI;IACJ,MAAM;IACN,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,OAAO;IACP,WAAW;IACX,QAAQ;IACR,KAAK;IACL,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,UAAU,sBAAsB,CAAC,MAAgB;IACrD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,WAAW,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAExC,MAAM,eAAe,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,eAAe,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEhD,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC;IAE/C,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,WAAW,CAChB,IAAI,EACJ,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CACxD,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,IAAI,CACf,CAAC,GAAG,EAAE,EAAE,CACN,GAAG,KAAK,OAAO;YACf,GAAG,KAAK,WAAW;YACnB,GAAG,KAAK,cAAc;YACtB,GAAG,KAAK,QAAQ;YAChB,GAAG,KAAK,aAAa;YACrB,GAAG,KAAK,eAAe;YACvB,GAAG,KAAK,IAAI,CACf,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,IAAI,CACd,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,CAC3D,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9D,OAAO,CAAC,CACN,YAAY,KAAK,SAAS;YAC1B,YAAY,KAAK,SAAS;YAC1B,YAAY,KAAK,MAAM,CACxB,CAAC;IACJ,CAAC;IAED,OAAO,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACjD,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
type SegmentBlocker = (tokens: string[]) => boolean;
|
|
2
|
+
export declare function hasGenericWriteOrLongRunningFlag(tokens: string[]): boolean;
|
|
3
|
+
export declare function isBlockedLongRunningInvocation(tokens: string[]): boolean;
|
|
4
|
+
export declare function isBlockedByCommandOptions(tokens: string[], isBlockedCommandSegment: SegmentBlocker): boolean;
|
|
5
|
+
export {};
|
|
6
|
+
//# sourceMappingURL=command-policy-options.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-options.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-options.ts"],"names":[],"mappings":"AAKA,KAAK,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;AAsBpD,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAS1E;AAED,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAuBxE;AAED,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,cAAc,GACtC,OAAO,CA6FT"}
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
import { hasAnyToken, normalizeCommandName, } from "./command-policy-wrappers.js";
|
|
2
|
+
const INTERPRETER_EVAL_COMMANDS = new Set([
|
|
3
|
+
"deno",
|
|
4
|
+
"node",
|
|
5
|
+
"perl",
|
|
6
|
+
"php",
|
|
7
|
+
"python",
|
|
8
|
+
"python3",
|
|
9
|
+
"ruby",
|
|
10
|
+
]);
|
|
11
|
+
const GENERIC_WRITE_OR_LONG_RUNNING_FLAGS = new Set([
|
|
12
|
+
"--fix",
|
|
13
|
+
"--update-snapshot",
|
|
14
|
+
"--updateSnapshot",
|
|
15
|
+
"--watch",
|
|
16
|
+
"--watch-all",
|
|
17
|
+
"--watchAll",
|
|
18
|
+
"--write",
|
|
19
|
+
]);
|
|
20
|
+
export function hasGenericWriteOrLongRunningFlag(tokens) {
|
|
21
|
+
return tokens.some((token) => {
|
|
22
|
+
if (GENERIC_WRITE_OR_LONG_RUNNING_FLAGS.has(token))
|
|
23
|
+
return true;
|
|
24
|
+
return (token.startsWith("--fix=") ||
|
|
25
|
+
token.startsWith("--watch=") ||
|
|
26
|
+
token.startsWith("--write="));
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
export function isBlockedLongRunningInvocation(tokens) {
|
|
30
|
+
const rootCommand = normalizeCommandName(tokens[0] ?? "");
|
|
31
|
+
if (["less", "more", "sleep", "top", "htop", "watch", "yes"].includes(rootCommand)) {
|
|
32
|
+
return true;
|
|
33
|
+
}
|
|
34
|
+
if (rootCommand === "tail") {
|
|
35
|
+
return tokens.some((token) => token === "-f" || token === "--follow");
|
|
36
|
+
}
|
|
37
|
+
if (rootCommand === "ping") {
|
|
38
|
+
return !tokens.some((token) => token === "-c" || token === "--count" || token.startsWith("-c"));
|
|
39
|
+
}
|
|
40
|
+
return false;
|
|
41
|
+
}
|
|
42
|
+
export function isBlockedByCommandOptions(tokens, isBlockedCommandSegment) {
|
|
43
|
+
const rootCommand = normalizeCommandName(tokens[0] ?? "");
|
|
44
|
+
if (hasGenericWriteOrLongRunningFlag(tokens))
|
|
45
|
+
return true;
|
|
46
|
+
if (rootCommand === "find" || rootCommand === "fd") {
|
|
47
|
+
return hasAnyToken(tokens, new Set([
|
|
48
|
+
"-X",
|
|
49
|
+
"-delete",
|
|
50
|
+
"-exec",
|
|
51
|
+
"-execdir",
|
|
52
|
+
"-ok",
|
|
53
|
+
"-okdir",
|
|
54
|
+
"-x",
|
|
55
|
+
"--exec",
|
|
56
|
+
"--exec-batch",
|
|
57
|
+
]));
|
|
58
|
+
}
|
|
59
|
+
if ((rootCommand === "sed" || rootCommand === "perl") &&
|
|
60
|
+
tokens.some((token) => token === "-i" || token.startsWith("-i."))) {
|
|
61
|
+
return true;
|
|
62
|
+
}
|
|
63
|
+
if (rootCommand === "curl" || rootCommand === "wget") {
|
|
64
|
+
for (let i = 1; i < tokens.length; i++) {
|
|
65
|
+
const token = tokens[i];
|
|
66
|
+
if (token === "-O" ||
|
|
67
|
+
token === "-o" ||
|
|
68
|
+
token === "--output" ||
|
|
69
|
+
token === "--remote-name" ||
|
|
70
|
+
token.startsWith("-O") ||
|
|
71
|
+
token.startsWith("-o") ||
|
|
72
|
+
token.startsWith("--output=")) {
|
|
73
|
+
return true;
|
|
74
|
+
}
|
|
75
|
+
const requestMethod = token === "-X" || token === "--request"
|
|
76
|
+
? tokens[i + 1]
|
|
77
|
+
: token.startsWith("-X")
|
|
78
|
+
? token.slice(2)
|
|
79
|
+
: token.startsWith("--request=")
|
|
80
|
+
? token.slice("--request=".length)
|
|
81
|
+
: undefined;
|
|
82
|
+
if (requestMethod &&
|
|
83
|
+
!["GET", "HEAD", "OPTIONS"].includes(requestMethod.toUpperCase())) {
|
|
84
|
+
return true;
|
|
85
|
+
}
|
|
86
|
+
if (token === "-d" ||
|
|
87
|
+
token === "-F" ||
|
|
88
|
+
token === "--data" ||
|
|
89
|
+
token === "--data-raw" ||
|
|
90
|
+
token === "--form" ||
|
|
91
|
+
token === "--post-data" ||
|
|
92
|
+
token.startsWith("--data=") ||
|
|
93
|
+
token.startsWith("--data-raw=") ||
|
|
94
|
+
token.startsWith("--form=") ||
|
|
95
|
+
token.startsWith("--post-data=")) {
|
|
96
|
+
return true;
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
if (INTERPRETER_EVAL_COMMANDS.has(rootCommand)) {
|
|
101
|
+
if (tokens.some((token) => token === "-c" || token === "-e" || token.startsWith("-e"))) {
|
|
102
|
+
return true;
|
|
103
|
+
}
|
|
104
|
+
const moduleIndex = tokens.indexOf("-m");
|
|
105
|
+
const moduleName = moduleIndex >= 0 ? tokens[moduleIndex + 1] : undefined;
|
|
106
|
+
if (moduleName === "pip" || moduleName === "pip3") {
|
|
107
|
+
return isBlockedCommandSegment(tokens.slice(moduleIndex + 1));
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
return false;
|
|
111
|
+
}
|
|
112
|
+
//# sourceMappingURL=command-policy-options.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-options.js","sourceRoot":"","sources":["../../src/safety/command-policy-options.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AAItC,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,QAAQ;IACR,SAAS;IACT,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,mCAAmC,GAAG,IAAI,GAAG,CAAC;IAClD,OAAO;IACP,mBAAmB;IACnB,kBAAkB;IAClB,SAAS;IACT,aAAa;IACb,YAAY;IACZ,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,UAAU,gCAAgC,CAAC,MAAgB;IAC/D,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QAC3B,IAAI,mCAAmC,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAChE,OAAO,CACL,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC1B,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;YAC5B,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAC7B,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,MAAgB;IAC7D,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE1D,IACE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,QAAQ,CAC/D,WAAW,CACZ,EACD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,UAAU,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,IAAI,CACjB,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,MAAgB,EAChB,uBAAuC;IAEvC,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE1D,IAAI,gCAAgC,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1D,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACnD,OAAO,WAAW,CAChB,MAAM,EACN,IAAI,GAAG,CAAC;YACN,IAAI;YACJ,SAAS;YACT,OAAO;YACP,UAAU;YACV,KAAK;YACL,QAAQ;YACR,IAAI;YACJ,QAAQ;YACR,cAAc;SACf,CAAC,CACH,CAAC;IACJ,CAAC;IAED,IACE,CAAC,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,MAAM,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EACjE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QACrD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACxB,IACE,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,UAAU;gBACpB,KAAK,KAAK,eAAe;gBACzB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;gBACtB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;gBACtB,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,EAC7B,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,aAAa,GACjB,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,WAAW;gBACrC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;oBACtB,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;oBAChB,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;wBAC9B,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC;wBAClC,CAAC,CAAC,SAAS,CAAC;YACpB,IACE,aAAa;gBACb,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,EACjE,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IACE,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,QAAQ;gBAClB,KAAK,KAAK,YAAY;gBACtB,KAAK,KAAK,QAAQ;gBAClB,KAAK,KAAK,aAAa;gBACvB,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;gBAC3B,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;gBAC/B,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;gBAC3B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,EAChC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,yBAAyB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,IACE,MAAM,CAAC,IAAI,CACT,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CACtE,EACD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1E,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAClD,OAAO,uBAAuB,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
export type SegmentBlocker = (tokens: string[]) => boolean;
|
|
2
|
+
export declare function isBlockedPackageManagerInvocation(tokens: string[], isBlockedCommandSegment: SegmentBlocker): boolean;
|
|
3
|
+
export declare function isBlockedSystemPackageManagerInvocation(tokens: string[]): boolean;
|
|
4
|
+
//# sourceMappingURL=command-policy-packages.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-packages.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-packages.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;AAiI3D,wBAAgB,iCAAiC,CAC/C,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,cAAc,GACtC,OAAO,CAoCT;AAED,wBAAgB,uCAAuC,CACrD,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAST"}
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
import { hasGenericWriteOrLongRunningFlag } from "./command-policy-options.js";
|
|
2
|
+
import { normalizeCommandName } from "./command-policy-wrappers.js";
|
|
3
|
+
const PACKAGE_MANAGER_ROOTS = new Set([
|
|
4
|
+
"bun",
|
|
5
|
+
"cargo",
|
|
6
|
+
"corepack",
|
|
7
|
+
"gem",
|
|
8
|
+
"just",
|
|
9
|
+
"make",
|
|
10
|
+
"npm",
|
|
11
|
+
"npx",
|
|
12
|
+
"pip",
|
|
13
|
+
"pip3",
|
|
14
|
+
"pnpm",
|
|
15
|
+
"task",
|
|
16
|
+
"yarn",
|
|
17
|
+
]);
|
|
18
|
+
const SYSTEM_PACKAGE_MANAGER_ROOTS = new Set([
|
|
19
|
+
"apt",
|
|
20
|
+
"apt-get",
|
|
21
|
+
"brew",
|
|
22
|
+
"dnf",
|
|
23
|
+
"yum",
|
|
24
|
+
]);
|
|
25
|
+
const MUTATING_PACKAGE_SUBCOMMANDS = new Set([
|
|
26
|
+
"add",
|
|
27
|
+
"audit",
|
|
28
|
+
"autoclean",
|
|
29
|
+
"autoremove",
|
|
30
|
+
"ci",
|
|
31
|
+
"clean",
|
|
32
|
+
"create",
|
|
33
|
+
"dedupe",
|
|
34
|
+
"deploy",
|
|
35
|
+
"dist-upgrade",
|
|
36
|
+
"dlx",
|
|
37
|
+
"doctor",
|
|
38
|
+
"fix",
|
|
39
|
+
"i",
|
|
40
|
+
"import",
|
|
41
|
+
"init",
|
|
42
|
+
"install",
|
|
43
|
+
"link",
|
|
44
|
+
"pack",
|
|
45
|
+
"patch",
|
|
46
|
+
"patch-commit",
|
|
47
|
+
"prune",
|
|
48
|
+
"publish",
|
|
49
|
+
"purge",
|
|
50
|
+
"rebuild",
|
|
51
|
+
"release",
|
|
52
|
+
"remove",
|
|
53
|
+
"rm",
|
|
54
|
+
"set",
|
|
55
|
+
"set-script",
|
|
56
|
+
"unlink",
|
|
57
|
+
"uninstall",
|
|
58
|
+
"up",
|
|
59
|
+
"update",
|
|
60
|
+
"upgrade",
|
|
61
|
+
"version",
|
|
62
|
+
]);
|
|
63
|
+
const PACKAGE_EXEC_SUBCOMMANDS = new Set(["exec"]);
|
|
64
|
+
const PACKAGE_OPTION_VALUE_FLAGS = new Set([
|
|
65
|
+
"--config",
|
|
66
|
+
"--dir",
|
|
67
|
+
"--filter",
|
|
68
|
+
"--global-dir",
|
|
69
|
+
"--prefix",
|
|
70
|
+
"--project",
|
|
71
|
+
"--registry",
|
|
72
|
+
"--store-dir",
|
|
73
|
+
"--workspace",
|
|
74
|
+
"-C",
|
|
75
|
+
"-F",
|
|
76
|
+
"-w",
|
|
77
|
+
]);
|
|
78
|
+
function getPackageSubcommandIndex(tokens) {
|
|
79
|
+
for (let i = 1; i < tokens.length; i++) {
|
|
80
|
+
const token = tokens[i];
|
|
81
|
+
if (token === "--")
|
|
82
|
+
return undefined;
|
|
83
|
+
if (PACKAGE_OPTION_VALUE_FLAGS.has(token)) {
|
|
84
|
+
i++;
|
|
85
|
+
continue;
|
|
86
|
+
}
|
|
87
|
+
if (token.startsWith("--config=") ||
|
|
88
|
+
token.startsWith("--dir=") ||
|
|
89
|
+
token.startsWith("--filter=") ||
|
|
90
|
+
token.startsWith("--global-dir=") ||
|
|
91
|
+
token.startsWith("--prefix=") ||
|
|
92
|
+
token.startsWith("--project=") ||
|
|
93
|
+
token.startsWith("--registry=") ||
|
|
94
|
+
token.startsWith("--store-dir=") ||
|
|
95
|
+
token.startsWith("--workspace=")) {
|
|
96
|
+
continue;
|
|
97
|
+
}
|
|
98
|
+
if (token.startsWith("-"))
|
|
99
|
+
continue;
|
|
100
|
+
return i;
|
|
101
|
+
}
|
|
102
|
+
return undefined;
|
|
103
|
+
}
|
|
104
|
+
function nextNonOptionToken(tokens, startIndex) {
|
|
105
|
+
for (let i = startIndex; i < tokens.length; i++) {
|
|
106
|
+
const token = tokens[i];
|
|
107
|
+
if (token === "--")
|
|
108
|
+
continue;
|
|
109
|
+
if (token.startsWith("-"))
|
|
110
|
+
continue;
|
|
111
|
+
return token;
|
|
112
|
+
}
|
|
113
|
+
return undefined;
|
|
114
|
+
}
|
|
115
|
+
function isBlockedPackageScriptName(scriptName) {
|
|
116
|
+
const normalized = scriptName.toLowerCase();
|
|
117
|
+
return /(^|[:_-])(build|codegen|deploy|dev|fix|format|generate|install|preview|publish|release|serve|start|update|watch|write)([:_-]|$)/.test(normalized);
|
|
118
|
+
}
|
|
119
|
+
export function isBlockedPackageManagerInvocation(tokens, isBlockedCommandSegment) {
|
|
120
|
+
const rootCommand = normalizeCommandName(tokens[0] ?? "");
|
|
121
|
+
if (!PACKAGE_MANAGER_ROOTS.has(rootCommand))
|
|
122
|
+
return false;
|
|
123
|
+
if (rootCommand === "npx" || rootCommand === "corepack")
|
|
124
|
+
return true;
|
|
125
|
+
if (hasGenericWriteOrLongRunningFlag(tokens))
|
|
126
|
+
return true;
|
|
127
|
+
const subcommandIndex = getPackageSubcommandIndex(tokens);
|
|
128
|
+
if (subcommandIndex === undefined)
|
|
129
|
+
return false;
|
|
130
|
+
const subcommand = tokens[subcommandIndex];
|
|
131
|
+
const subcommandLower = subcommand.toLowerCase();
|
|
132
|
+
if (PACKAGE_EXEC_SUBCOMMANDS.has(subcommandLower)) {
|
|
133
|
+
const invoked = nextNonOptionToken(tokens, subcommandIndex + 1);
|
|
134
|
+
if (!invoked)
|
|
135
|
+
return false;
|
|
136
|
+
const invokedIndex = tokens.indexOf(invoked, subcommandIndex + 1);
|
|
137
|
+
return isBlockedCommandSegment(tokens.slice(invokedIndex));
|
|
138
|
+
}
|
|
139
|
+
if (subcommandLower === "run") {
|
|
140
|
+
const scriptName = nextNonOptionToken(tokens, subcommandIndex + 1);
|
|
141
|
+
return scriptName ? isBlockedPackageScriptName(scriptName) : false;
|
|
142
|
+
}
|
|
143
|
+
if (rootCommand === "pip" ||
|
|
144
|
+
rootCommand === "pip3" ||
|
|
145
|
+
rootCommand === "gem") {
|
|
146
|
+
return MUTATING_PACKAGE_SUBCOMMANDS.has(subcommandLower);
|
|
147
|
+
}
|
|
148
|
+
if (MUTATING_PACKAGE_SUBCOMMANDS.has(subcommandLower))
|
|
149
|
+
return true;
|
|
150
|
+
return isBlockedPackageScriptName(subcommandLower);
|
|
151
|
+
}
|
|
152
|
+
export function isBlockedSystemPackageManagerInvocation(tokens) {
|
|
153
|
+
const rootCommand = normalizeCommandName(tokens[0] ?? "");
|
|
154
|
+
if (!SYSTEM_PACKAGE_MANAGER_ROOTS.has(rootCommand))
|
|
155
|
+
return false;
|
|
156
|
+
const subcommandIndex = getPackageSubcommandIndex(tokens);
|
|
157
|
+
if (subcommandIndex === undefined)
|
|
158
|
+
return false;
|
|
159
|
+
return MUTATING_PACKAGE_SUBCOMMANDS.has(tokens[subcommandIndex].toLowerCase());
|
|
160
|
+
}
|
|
161
|
+
//# sourceMappingURL=command-policy-packages.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-packages.js","sourceRoot":"","sources":["../../src/safety/command-policy-packages.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAIpE,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,KAAK;IACL,OAAO;IACP,UAAU;IACV,KAAK;IACL,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK;IACL,SAAS;IACT,MAAM;IACN,KAAK;IACL,KAAK;CACN,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK;IACL,OAAO;IACP,WAAW;IACX,YAAY;IACZ,IAAI;IACJ,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,cAAc;IACd,KAAK;IACL,QAAQ;IACR,KAAK;IACL,GAAG;IACH,QAAQ;IACR,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,OAAO;IACP,cAAc;IACd,OAAO;IACP,SAAS;IACT,OAAO;IACP,SAAS;IACT,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,KAAK;IACL,YAAY;IACZ,QAAQ;IACR,WAAW;IACX,IAAI;IACJ,QAAQ;IACR,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAEnD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC;IACzC,UAAU;IACV,OAAO;IACP,UAAU;IACV,cAAc;IACd,UAAU;IACV,WAAW;IACX,YAAY;IACZ,aAAa;IACb,aAAa;IACb,IAAI;IACJ,IAAI;IACJ,IAAI;CACL,CAAC,CAAC;AAEH,SAAS,yBAAyB,CAAC,MAAgB;IACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,SAAS,CAAC;QACrC,IAAI,0BAA0B,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IACE,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC;YAC7B,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC1B,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC;YAC7B,KAAK,CAAC,UAAU,CAAC,eAAe,CAAC;YACjC,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC;YAC7B,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;YAC9B,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;YAC/B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC;YAChC,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,EAChC,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAgB,EAChB,UAAkB;IAElB,KAAK,IAAI,CAAC,GAAG,UAAU,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAC7B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,0BAA0B,CAAC,UAAkB;IACpD,MAAM,UAAU,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,iIAAiI,CAAC,IAAI,CAC3I,UAAU,CACX,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iCAAiC,CAC/C,MAAgB,EAChB,uBAAuC;IAEvC,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAE1D,IAAI,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,UAAU;QAAE,OAAO,IAAI,CAAC;IACrE,IAAI,gCAAgC,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1D,MAAM,eAAe,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,eAAe,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEhD,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAC3C,MAAM,eAAe,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IAEjD,IAAI,wBAAwB,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;QAChE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;QAClE,OAAO,uBAAuB,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;QACnE,OAAO,UAAU,CAAC,CAAC,CAAC,0BAA0B,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACrE,CAAC;IAED,IACE,WAAW,KAAK,KAAK;QACrB,WAAW,KAAK,MAAM;QACtB,WAAW,KAAK,KAAK,EACrB,CAAC;QACD,OAAO,4BAA4B,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,4BAA4B,CAAC,GAAG,CAAC,eAAe,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnE,OAAO,0BAA0B,CAAC,eAAe,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,uCAAuC,CACrD,MAAgB;IAEhB,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjE,MAAM,eAAe,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,eAAe,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAChD,OAAO,4BAA4B,CAAC,GAAG,CACrC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CACtC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export type ParseEntry = string | {
|
|
2
|
+
op?: string;
|
|
3
|
+
comment?: string;
|
|
4
|
+
};
|
|
5
|
+
export declare function parseCommand(command: string): ParseEntry[] | null;
|
|
6
|
+
/** Detect $() and backtick command substitution outside single quotes. */
|
|
7
|
+
export declare function hasCommandSubstitution(command: string): boolean;
|
|
8
|
+
export declare function hasUnsafeConstructs(entries: ParseEntry[]): boolean;
|
|
9
|
+
export declare function hasUnsafeRedirects(entries: ParseEntry[]): boolean;
|
|
10
|
+
export declare function extractSegments(entries: ParseEntry[]): string[][];
|
|
11
|
+
//# sourceMappingURL=command-policy-parser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"command-policy-parser.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-parser.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG;IAAE,EAAE,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAUpE,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,EAAE,GAAG,IAAI,CAQjE;AAED,0EAA0E;AAC1E,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAmC/D;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CA0BlE;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CA6BjE;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,EAAE,EAAE,CAmBjE"}
|